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(54) ILLEGAL PACKET PREVENTION METHOD AND BRIDGE 

(57)Abstract: 

PROBLEM TO BE SOLVED: To realize a stable 
computer communication network by comparing a 
combinations of addresses processed in protocols of 
different layers with a registered combination so as to 
abort a packet with a different address. 
SOLUTION: The bridge 10 uses a 
multiplexer/demultiplexer circuit 1 1 to demultiplex a 
multiplexed signal into a channel signal of each 
subscriber and an HDLC processing circuit 12 detects a 
start and an end flag from an HDLC packet of each 
channel to decode an Ethernet packet. The decoded 
Ethernet packet is fed to an address check circuit 1 3. 
The circuit 1 3 compares a set of the Ethernet address 
and an IP address with a content of a memory table 
registered in advance in a memory 1 4 and aborts it to be 
an illegal packet when combination of packets differs 
from the registered content. Other packets than illegal 
packets are fed to an Ethernet controller 1 5, from which 
the packets are sent to a center side Ethernet 22 and 
sent to a subscriber side Ethernet 21 other than the transmitter source. 
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3.1n the drawings, any words are not translated. 



CLAIMS 



[Claim(s)] 

[Claim 1] Correspondence of the address processed with the protocol of a mutually different 
layer by the bridge equipment which relays the packet-ized data between networks is registered 
beforehand. The first address which is included in the header of the packet transmitted and 
shows transmitting-in network of the packet origin, or the destination, The second address which 
is included in the data of the packet transmitted and shows the transmitting origin in the 
protocol of a high order layer or the destination is detected. The inaccurate packet prevention 
approach characterized by discarding the packet when the combination of the first address and 
the second address which were detected differs from all of the combination registered 
beforehand. 

[Claim 2] Correspondence of the address processed with the protocol of a mutually different 
layer by the bridge equipment which relays the packet-ized data between networks is registered 
beforehand. When the data of the packet transmitted are the response to an inquiry of the 
address of the second layer using the address of the first layer, The inaccurate packet 
prevention approach characterized by discarding the packet when the combination of the 
address of the first layer and the address of the second layer which are included in the data of 
the packet differs from all of the combination registered beforehand. 
[Claim 3] In the bridge equipment which relays the packet-ized data between networks A 
storage means by which the combination of the address processed with the protocol of a 
mutually different layer is registered beforehand. The first detection means which detects the 
first address which is included in the header of the packet transmitted and shows the 
transmitting origin of the packet, or the destination. The second detection means which detects 
the second address which is included in the data of the packet transmitted and shows the 
transmitting origin in the protocol of a high order layer, or the destination, Bridge equipment 
characterized by having a means to discard the packet when the combination of the first address 
detected by said first means and the second address detected by said second means differs 
from all of the combination registered into said storage means. 

[Claim 4] In the bridge equipment which relays the packet-ized data between networks A 
storage means by which the combination of the address processed with the protocol of a 
mutually different layer is registered beforehand, A means to detect that the data of the packet 
transmitted are the response to an inquiry of the address of the second layer using the address 
of the first layer. With this first means Bridge equipment characterized by having a means to 
discard the packet when the combination of the address of the first layer and the address of the 
second layer which are included in the data of the detected packet differs from all of the 
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[Translation done.] 
* NOTICES * 

JPO and INPIT are not responsible for any 
damages caused by the use of this translation. 

1 .This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2.**** shows the word which can not be translated. 
S.In the drawings, any words are not translated. 



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to the online communications which packet-ize 
data and transmit them. It is related with the bridge equipment which performs packet junction 
between networks especially. It is related with detection and prevention of an inaccurate packet 
with bridge equipment in more detail. 

[0002] In this specification, what was connected by the "network" possible [ transmission and 
reception of one or more terminals of a packet ] is said. That is, the case where the number of 
terminals is "1" is included about some [ at least ] networks from which a packet is relayed by 
bridge equipment. 
[0003] 

[Description of the Prior Art] In the online communications which packet-ize data and transmit 
them between computers, in order to perform packet junction between networks, the bridge 
equipment which performs a packet transfer with the protocol of the data link layer of an OSI 
reference model is widely used from the former. Moreover, such bridge equipment is used also in 
order to hold two or more terminals. Below, the junction between the Ethernet through a 
subscriber line is explained to an example. 

[0004] Drawing 8 is the block block diagram showing the bridge equipment 30 and its use gestalt 
of the conventional example. Bridge equipment 30 performs packet junction between two or 
more subscriber side Ethernet 21 and center side Ethernet 22. One or more subscriber terminals 

23 and the low-end card (LEC) 24 are connected to subscriber side Ethernet 21, respectively, 
and the low-end card 24 is connected to a subscriber line 26 through the subscriber side 
terminating set 25, respectively. Termination of these subscriber lines 26 is carried out by the 
subscriber communication system terminating set 27 by the side of a network contractor 
(SLT:Subscriber Line Terminal), and they are connected to center side Ethernet 22 through 
bridge equipment 30. The information server 28 is shown in drawing as equipment (computer) 
connected to center side Ethernet 22. 

[0005] As a subscriber terminal 23, a personal computer is used, for example. The low-end card 

24 is a kind of bridge equipment, and performs the interface/protocol conversion between 
Ethernet and a subscriber line. When the communication line offered by the subscriber line 26 is 
an ISDN circuit or a digital dedicated line as a subscriber side terminating set 25, in the case of 
DSU (Digital Service Unit) and an optical-communication system, what is called ONU (Optical 
Network Unit) equipped with the photoelectricity signal transformation function is used. Metal or 
an optical fiber is used as a subscriber line 26, and a line connection is carried out by 64 kbit/s, 
1 28 kbit/s, or 1 .5 Mbit/s. Moreover, when the communication line offered by the subscriber line 
26 is an analog network, a modem is used instead of the subscriber side terminating set 25. 
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[0006] Bridge equipment 30 is equipped with multiplex and the separation circuit 31, the HDLC 
processing circuit 32, and the Ethernet controller 33. Since two or more subscriber's-loop 
signals are multiplexed by the I/O signal of the subscriber communication system terminating set 
27, to an input signal, it carries out multiplex [ of multiplex and the separation circuit 31 ] to 
separation and a sending signal about the circuit for every subscriber. The HDLC processing 
circuit 32 extracts an Ethernet packet from the HDLC packet from a subscriber to a center side, 
and encapsulates the ISATTO packet from a center side to a subscriber to an HDLC packet. 
The Ethernet controller 33 performs the distribution by the side of the subscriber of an ether 
packet, or a center, and an interface function with center side Ethernet 22. 
[0007] When performing a communication link from the subscriber terminal 23, the packet from 
the Ethernet interface with which the subscriber terminal 23 is equipped is first sent to the low- 
end card 24. The low-end card 24 processes the Ethernet packet which received with an HDLC 
(High-Level Data Link Control) protocol, encapsulates or maps it to HDLC packet data, and is 
transmitted to a network side by the communication line on a subscriber line 26. Before and 
after an Ethernet packet, an HDLC beginning flag and an ending flag are added and, specifically, it 
transmits. In addition, it is also possible to use the protocol of PPP (Point-to-Point Protocol) 
and others instead of HDLC. 

[0008] Termination is carried out by the subscriber communication system terminating set 27, 
the signal of a multiple-line is multiplexed, and the HDLC packet sent out to the communication 
line on a subscriber line 26 is inputted into bridge equipment 30. With bridge equipment 30, 
multiplex and the separation circuit 31 separate the multiplexed signal into each subscriber's line 
signal, and an Ethernet packet is restored by next detecting initiation and an ending flag from the 
HDLC packet of each circuit in the HDLC processing circuit 32. The restored Ethernet packet is 
sent from bridge equipment 30 by the reverse procedure also to subscriber side Ethernet 21 
different from a transmitting agency via the subscriber communication system terminating set 
27, a subscriber line 26, the subscriber side terminating set 25, and the low-end card 24 while it 
is sent out to center side Ethernet 22 via the Ethernet controller 33. 

[0009] Since useless traffic is reduced, if the destination of an Ethernet packet is in a center 
side like the information server 28, the packet will be transmitted only to center side Ethernet 
22, and if the destination is in other subscribers side, the packet is turned up by the Ethernet 
controller 33, and it can also transmit to the subscriber terminal 23 of the destination. In this 
case, since the information which terminal is connected to which subscriber's loop 
(communication link port) or center side Ethernet is required, the Ethernet address of an 
Ethernet packet is learned and it holds on a memory table (not shown). 
[0010] 

[Problem(s) to be Solved by the Invention] With conventional bridge equipment, two or more 
communication link ports were usually prepared, it is detecting the Ethernet address of the 
terminal (computer) connected to the point of between all communication link ports or each 
communication link port, i.e., the 48-bit MAC (Media Access Control) address, and the packet 
transmission and reception between them were enabled. However, with conventional bridge 
equipment, although the Ethernet address could be learned, it was not able to check to the 
justification [ address / which are processed by the high order layer / the IP address of the 
packet for IP communication link and the Ethernet address ] of correspondence. For this reason, 
in order to become and clear up to other terminals a setting mistake and intentionally, for 
example, even when the same IP address as other terminals was set as a terminal, the packet 
from that terminal was passed as it is, and there was a problem that derangement arose in a 
communication link. Furthermore, it was also difficult to specify the terminal which has caused 
the problem in such a case. 

[0011] This invention solves such a technical problem and aims at offering the inaccurate packet 
prevention approach and bridge equipment which can perform the online communications which 
prevented derangement of the communication link by the inaccurate packet by intentionally [ of 
the address of a high order layer / a setting mistake or intentionally ], and were stabilized. 
[0012] 

[Means for Solving the Problem] Correspondence of the address processed with the protocol of 
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a mutually different layer by the bridge equipment which the first viewpoint of this invention is 
the inaccurate packet prevention approach, and relays the packet-ized data between networks is 
registered beforehand. The first address which is included in the header of the packet 
transmitted and shows transmitting-in network of the packet origin, or the destination, The 
second address which is included in the data of the packet transmitted and shows the 
transmitting origin in the protocol of a high order layer or the destination is detected. When the 
combination of the first address and the second address which were detected differs from all of 
the combination registered beforehand, it is characterized by discarding the packet. 
[0013] In performing IP (Internet Protocol) communication link by the high order layer, using 
Ethernet as a network, it compares with the group of the address registered beforehand about 
the group of the Ethernet address and the IP address which were given to the header and data 
of an Ethernet packet. And the packet is discarded when there is no match. Thereby, 
derangement of the communication link by the inaccurate packet by intentionally [ of an IP 
address / a setting mistake or intentionally ] can be prevented. 

[0014] In the communication link between computers, even if the address of a high order layer is 
known, when the address of a lower layer is strange, multiple address transmission of the 
address of the high order layer is carried out, and getting to know the address of a lower layer by 
the response is performed. If it is the case of IP communication link, by carrying out multiple 
address transmission of the phase hand IP address by the ARP (Address Resolution Protocol) 
demand packet, and a phase hand's terminal answering it, and returning one's Ethernet address 
by the ARP response packet, it is a transmitting agency and a phase hand's Ethernet address 
can be known. Also in this case, the combination of the inaccurate address may be returned by 
intentionally [ of a phase hand IP address / a setting mistake or intentionally ]. 
[0015] The second viewpoint of this invention prevents such injustice, and correspondence of 
the address processed with the protocol of a mutually different layer by the bridge equipment 
which relays the packet-ized data between networks is registered beforehand. When the data of 
the packet transmitted are the response to an inquiry of the address of the second layer using 
the address of the first layer. When the combination of the address of the first layer and the 
address of the second layer which are included in the data of the packet differs from all of the 
combination registered beforehand, it is characterized by discarding the packet. 
[0016] The ARP response packet encapsulated by the data of an Ethernet packet is specifically 
detected, and it compares with the group of the address beforehand registered about the group 
of the IP address of "the destination currently looked for" in the header of the ARP packet, and 
the Ethernet address. And the packet is discarded when there is no match. 
[0017] In the bridge equipment which the third viewpoint of this invention is equipment which 
performs the approach of the first viewpoint, and relays the packet-ized data between networks 
A storage means by which the combination of the address processed with the protocol of a 
mutually different layer is registered beforehand. The first detection means which detects the 
first address which is included in the header of the packet transmitted and shows the 
transmitting origin of the packet, or the destination. The second detection means which detects 
the second address which is included in the data of the packet transmitted and shows the 
transmitting origin in the protocol of a high order layer, or the destination. When the combination 
of the first address detected by the first means and the second address detected by the second 
means differs from all of the combination registered into the storage means, it is characterized 
by having a means to discard the packet. 

[0018] In the bridge equipment which the fourth viewpoint of this invention is equipment which 
performs the approach of the second viewpoint, and relays the packet-ized data between 
networks A storage means by which the combination of the address processed with the protocol 
of a mutually different layer is registered beforehand, A means to detect that the data of the 
packet transmitted are the response to an inquiry of the address of the second layer using the 
address of the first layer. When the combination of the address of the first layer and the address 
of the second layer which are included in the data of the packet detected by this first means 
differs from all of the combination registered into the storage means, it is characterized by 
having a means to discard that packet. 
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[0019] 

[Embodiment of the Invention] D rawing 1 is the block block diagram showing the operation 
gestalt of this invention, and shows bridge equipment 10 and its use gestalt. Here, the junction 
between the Ethernet through a subscriber line is explained to an example. 
[0020] In this operation gestalt, bridge equipment 10 performs packet junction between two or 
more subscriber side Ethernet 21 and center side Ethernet 22. One or more subscriber terminals 
23 and the low-end card (LEG) 24 are connected to subscriber side Ethernet 21, respectively, 
and the low-end card 24 is connected to a subscriber line 26 through the subscriber side 
terminating set (ONU/DSU) 25, respectively. Termination of these subscriber lines 26 is carried 
out by the subscriber communication system terminating set (SLT) 27 by the side of a network 
contractor, and they are connected to center side Ethernet 22 through bridge equipment 10. The 
information server 28 and the management server 29 are shown in drawing as equipment 
(computer) connected to center side Ethernet 22. 

[0021] Bridge equipment 10 is equipped with multiplex and the separation circuit 11, the HDLC 
processing circuit 1 2, the address checking circuit 1 3, memory 1 4, and the Ethernet controller 
15. Since two or more subscriber's-loop signals are multiplexed by the I/O signal of the 
subscriber communication system terminating set 27, to an input signal, it carries out multiplex 
[ of multiplex and the separation circuit 1 1 ] to separation and a sending signal about the circuit 
for every subscriber. The HDLC processing circuit 1 2 extracts an Ethernet packet from the 
HDLC packet from a subscriber to a center side, and encapsulates the ISATTO packet from a 
center side to a subscriber to an HDLC packet. The address checking circuit 13 checks the 
address information of an Ethernet packet, and discards the packet which has different address 
information from the contents beforehand registered into memory 1 4. The Ethernet controller 1 5 
performs the distribution by the side of the subscriber of an ether packet, or a center, and an 
interface function with center side Ethernet 22. 

[0022] Here, with reference to drawing 2 thru/or drawing 5 , a address resolution protocol (ARP) 
required for the communication link between the structure of an Ethernet packet and an IP 
packet and a terminal is explained. 

[0023] Drawing 2 shows the structure of an Ethernet packet. The field which shows the 
classification (ETYPE) of the destination Ethernet address, the transmitting agency Ethernet 
address, and a higher-level protocol as a header is established in an Ethernet packet, and the 
frame-check-sequence field (PCS) for a data field and an error correction is further established 
in it. 

[0024] Drawing 3 shows the rough structure of an IP packet, and drawing 4 shows detailed 
structure per 4 bytes. An IP packet is constituted by the header field and the data field, and 
these are stored in the data area of an Ethernet packet, and it is transmitted and received. Each 
field of a version, header length, a service type, IP packet size, a packet identifier, a flag, the 
offset for data division, a packet life time, the identifier for the upper layers, the checksum for 
headers, a transmitting agency IP address, a phase hand IP address, and an option is consisted 
of by the header field of an IP packet. 

[0025] Drawing 5 shows the header structure of an ARP packet per 4 bytes. An ARP packet is 
also stored in the data area of an Ethernet packet, and is transmitted and received. The header 
of an ARP packet consists of each field of a hardware type, a protocol type, the die length of a 
hardware address, the die length of a protocol address, operation, the transmitting agency 
Ethernet address, a transmitting agency IP address, the destination Ethernet address currently 
looked for, and the destination IP address currently looked for. In order to communicate through 
Ethernet, the Ethernet address of a mutual terminal is required. For this reason, in IP 
communication link, it is necessary to obtain the Ethernet address of the terminal which has a 
phase hand IP address first. Then, broadcasting transmission of the ARP demand packet is 
carried out first. The terminal which has the IP address which corresponds to this ARP demand 
packet returns its Ethernet address as an ARP response packet. Thereby, the corresponding 
Ethernet address can be obtained. A communication link becomes possible by specifying a phase 
hand IP address and the Ethernet address by the predetermined address field henceforth. The 
distinction with an ARP demand and a response is recognized according to the contents of 



file://D:¥My Documents¥JPOEn¥JP-A-H09-307580.html 



2007/02/23 



JP-A-H09-307580 



7/11 V 



assignment of an operation field. 

[0026] With reference to drawing 1 , the actuation is explained again. When transmitting a packet 
from the subscriber terminal 23, the packet from the Ethernet interface with which the 
subscriber terminal 23 is equipped is first sent to the low-end card 24. The low-end card 24 
processes the Ethernet packet which received with an HDLC protocol, encapsulates or maps it 
to HDLC packet data, and is transmitted to a network side by the communication line on a 
subscriber line 26. Before and after an Ethernet packet, an HDLC beginning flag and an ending 
flag are added and, specifically, it transmits. It is also possible to use the protocol of PPP and 
others instead of HDLC. Termination is carried out by the subscriber communication system 
terminating set 27, the signal of a multiple-line is multiplexed, and the HDLC packet sent out to 
the communication line on a subscriber line 26 is inputted into bridge equipment 10. With bridge 
equipment 1 0, multiplex and the separation circuit 1 1 separate the multiplexed signal into each 
subscriber's line signal, and an Ethernet packet is restored by next detecting initiation and an 
ending flag from the HDLC packet of each circuit in the HDLC processing circuit 12. Restoration 
processing of an Ethernet packet is performed to juxtaposition. The restored Ethernet packet is 
sent to the address checking circuit 1 3. If the address checking circuit 1 3 is the packet of a 
different combination from the contents of registration as compared with the contents of the 
memory table beforehand registered into memory 1 4, it will discard the group of the Ethernet 
address and an IP address as an inaccurate packet. Like [ the Ethernet controller 1 5 ] delivery 
and the conventional example, a reverse procedure sends out packets other than an inaccurate 
packet also to subscriber side Ethernet 21 with an another transmitting agency while sending 
them out to center side Ethernet 22. 

[0027] Drawing 6 shows the flow of the address checking circuit 1 3 of operation. Only in the 
case of the Ethernet packet containing the usual IP packet, as a candidate for a check of the 
address by the address checking circuit 1 3, the case of only the Ethernet packet containing an 
ARP packet and the case of the both sides can be considered. Here, the case where both sides 
are made applicable to a check is explained. 

[0028] If an Ethernet packet is inputted, as for the address checking circuit 13, the contents of 
the data field will judge an IP packet or an ARP response packet. In the case of an IP packet, the 
transmitting origin included in the header of an Ethernet packet or the Ethernet address of the 
destination, and the IP address of the transmitting origin included in the header of an IP packet 
or the destination are detected, and the combination of the Ethernet address and the IP address 
which were detected, and the combination beforehand registered into the table in memory 14 are 
compared with it, and in differing from all, it discards the packet. Moreover, the combination of 
the Ethernet address of the destination and the IP address which are searching in the header of 
the ARP response packet when the contents of the data field of an Ethernet packet are ARP 
response packets is compared with the combination beforehand registered into the table in 
memory 14, and in differing from all, it discards the packet. 

[0029] Considering the purpose which prevents an inaccurate packet, fundamentally, the check 
of an ARP packet is enough. However, an inaccurate packet can be more certainly prevented 
with checking the Ethernet packet containing the usual IP packet. 
[0030] Drawing 7 shows an example of the table beforehand registered into memory 1 4. 
Correspondence with the Ethernet address for a subscription terminal and an IP address is 
registered into this table. The address checking circuit 1 3 and the correspondence relation of 
these addresses are checked. For example, in "the Ethernet address 1 ", a destination IP address 
discards [ the destination Ethernet address ] a packet by which the destination IP address is set 
as "IP address 2" in "the Ethernet address 1 ", although the destination Ethernet address 
passes the thing of "IP address 1." The same is said of an ARP packet, and although it is made 
to pass when the Ethernet address is set as "the Ethernet address 1 " for the IP address of the 
destination which is searching in the header of an ARP response packet by "IP address 1 ", the 
packet in which one of the addresses differs from the contents of the table discards. 
[0031] As an approach of registering such a table into memory 14, although creating with bridge 
equipment 10 is also possible, it is convenient to create and transmit by the general purpose 
computer or workstation on a network. That is, a table is created by the management server 29 
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and it transmits to bridge equipment 10 by the approach of of FTP (File Transfer Protocol), or 
SNMP (Simple Network Managentnt Protocol) and others. According to this approach, it is 
controllable at RIMOTO. 

[0032] Since useless traffic is reduced like the conventional example also in this operation 
gestalt, if the destination of an Ethernet packet is in a center side like the information server 28, 
that packet will be transmitted only to center side Ethernet 22, and if the destination is in other 
subscribers side, that packet is turned up by the Ethernet controller 15, and it can also transmit 
to the subscriber terminal 23 of the destination. In this case, the information which terminal is 
connected to which subscriber's loop (communication link port) or center side Ethernet is 
required. Then, the Ethernet address of an Ethernet packet is learned with bridge equipment 10, 
and it holds on the memory table. This memory table is shared with the table for an inaccurate 
packet check, and the amount of memory can be reduced by using the table of a gestalt to 
which port information was added. 

[0033] With the operation gestalt explained above, it confirms whether to be what is beforehand 
registered in the group of an IP address and the Ethernet address, and since a different 
inaccurate Ethernet packet from registration information discards, it can prevent derangement of 
the communication link by the inaccurate packet. 

[0034] Although the operation gestalt explained above explained the case where a 
communication line and center side Ethernet were connected to the example, the configuration 
which connects two or more Ethernet to the port of direct bridge equipment can carry out this 
invention similarly. Moreover, it is also possible to consider as the configuration which connects 
the terminal for control to bridge equipment, and changes a memory table directly, without using 
a management server. Furthermore, although the gestalt which checks IP communication link 
about the combination of the Ethernet address and an IP address for an example was explained, 
an inaccurate packet can be similarly prevented by carrying out an address check similarly to 
higher-level protocols other than IP. 
[0035] 

[Effect of the Invention] As explained above, it confirms whether the inaccurate packet 
prevention approach and bridge equipment of this invention are in agreement with what was 
registered beforehand about correspondence of the address processed with the protocol of a 
mutually different layer in online communications, and a different packet from what was 
registered discards. There is effectiveness it is ineffective to it being possible for this to realize 
the computer communication network which derangement of the communication link by the 
inaccurate packet did not arise, and was stabilized. 
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DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Drawing 1] The block block diagram showing the operation gestalt of this invention. 
[Drawing 2] Drawing showing the structure of an Ethernet packet. 
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[Drawing 3] Drawing showing the rough structure of an IP packet. 

[Drawing 4] Drawing showing the detailed structure of an IP packet. 

[Drawing 5] Drawing showing the header structure of an ARP packet. 

[Drawing 6] Drawing showing the flow of an address checking circuit of operation. 

[Drawing 7] Drawing showing an example of the table beforehand registered into memory. 

[Drawing 8] The block block diagram showing the bridge equipment and its use gestalt of the 

conventional example. 

[Description of Notations] 

10 30 Bridge equipment 

1 1 31 Multiplex and separation circuit 

12 32 HDLC processing circuit 

13 Address Checking Circuit 

14 Memory 

1 5 33 Ethernet controller 

21 Subscriber Side Ethernet 

22 Center Side Ethernet 

23 Subscriber Terminal 

24 Low-end Card 

25 Subscriber Side Terminating Set 

26 Subscriber Line 

27 Subscriber Communication System Terminating Set 

28 Information Server 

29 Management Server 
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DRAWINGS 



[Drawing 3] 

[Drawing 1] 
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[Drawing 2] 
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[Drawing 7] 
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vuxt^mmv. 10 

-efflA^r-:, ^©r'-^f{c^^n5ll- 
©^'('i'©TF^;^ill^©^'f ■i'©r Fbxi®ia*^ 

m s KMife ■S W i'® h 3 ffifl § n s r h* U X 



IS-®^|gCc J: Mta § n/cHzl® T K U X i ®M*^ 
t.ii^^—ov^^(D7 Fu;^il^n®u-<i'®T Fu 



[000 1 ] 

mmomt^wmm^ if-mmty'-^^j^^v Fit 

[ 0 0 0 2 ] :$Hgffl»fCfct,^-C r^yhy-i'j itJ. 
X'fXkSDmm^'-^T V F®iiSMHlfigKMi^3nfc«>0 

r 1 J (jy^^^-m. 

[0003] 

|a©/^•er ■:; F«*ff 0 S I #M*-f JI'Ot'- 

$ y ^i'MO^^'n F 3;^t?/^•'5- -j F^mff 5 :/ y 
:/y ■:-iJ^gtt, ^^©^^S(R^-r5/c&{C^>fflt,>6 



[ 0 0 0 4 ] S 8 ttfit^^J©^ y 3 0 te J: O'^ 

©^•JfflJfM^^-r :/a i'flDjg^-C* rf y ygg 

3 0 ^mmsDMKmu-^^^ t^ym-f- 
1?-^ F 2 2 b(Dm(o^<^ v htpM^'u^. mxmu 
-v^'^hzi Ktt^n-en i iii±©iiA^ss*2 3 i 

0-i>F*"F (LEO 2At^mm^h. n-x 

> F*" F 2 4 u^n^timxm\m<&sz 5 

rJinA#S2 6{£:^;g|§nSo Ctl6©m^i^2 6H 

4^ V F -7 - fmmKDmAWMmmmmim: (slt. 

Subscriber Line Terminal) 2 7 K j; ^J^JgStl. :/y 
i>gg3 0 ^/M.-C-fe> ^ffj-f — F 2 2 (. 

[0 00 5] mX^<&^2 3 i L-rtt, 
;l/3>f^-3f7&5ffll,if,nSo a"X>F*--F2 4« 
-a©-^ y zymmr:$> , -C -iJ-^ F 
©W©'f>df7x-::^/7-aF3;l/gE^%fT5o tIA« 

©Ji-^CCttDSU (Digital Service Unit) , ^MH^ 

om-^icimmm'^^mm^m^tcONu (optica 
1 Network unit) i:mtn^i>mm^^nt, JnA* 

^2 6 i Urtt^ ^)l^6>.m^yr-{JWm^>6h. 
64kbit/s, 1 28kb i t/s*-St,H3:l. 5 

Mb i t/s-vmrnmrnr^. tfc mx^mevzj: 



[0 0 0 6] ■:/<j yv>mm3 0it. ^M-^mmm 

1. HDLC^ai@lSS32teJ;D'-Y--t*'^ h3>hn 

t?>. HDLCM[ii?§3 2«. MAm^ib'i^ym^ 

fflHDLC^^•^r .> v ^^^•^r ^, h^fflffi 

hj:^^>itm-<--^^ y 1-2 2 t(0 

[0 0 0 7] JPA*iS*2 3*^6MM%tf 5 J«^. ^® 
ttlA^*2 3 35sm-CI,^S-Y--if4^ y 

t3-x>K*--F2 4tt, ^^L/fc-f-iJ-^-^ 
h^HDLC (Hiqh-Level Data Link Contra 
1) 7*n h3;KcJ:f)ML, HDLC/n*^ hf^-^ 20 
ictiy-bMt$,?,l^f7y f>i^U-C. JaA#i^2 6 _h 
©jimiil»<:d:f3^2' h'7-i'llijKjii#'rs. 

ii^T7 9i^i4fflaL-Cji<i^5„ ifete. HDLC© 
R*)f5{CPPP (point-to-Fbint Protocol ) €®fi&© 

[0 0 0 8] J]nA#i^2 6±©M«lHlSKaffl§nfcH 

D L cv^•^r b mAmmmimm2 1 {ci 
ai!(iii®©m#*5^«t§tir y^g3 o 

icAtl-§ii6. J^gg 3 O-Ctt. ^©^»fc§n 30 
fc#^%^lt • ^>ifIilS§3 1 {C J: OSm^ffllUMi^ 
tC^^b, ;XKHDLCMIill§3 2Ktel^r#!aM© 
H D L C h 6 iiii^fe J: D^'HT 7 7 i/^*|[H-r S 

3 3 U-C-fe> -If^ y h 2 2 KjiHiStiS 
ii ^>(C. 3*m7C<!:B)giJ©»DA^fJ-/--!^^ h 2 1 tc 

>ffLTi> M©#)iccj;D> 3 0*>6»nA 

«imis^i^g2 7 , jniA*^2 6 , mxmm^m 

112 5fcJ:t>'n-x>K*"K2 4>&gStrii6n 4C 

[0 00 9] »Sli:^ch-7h-:.i'?:iSii-ra/£i&, -f— 9" 
^ y h/N-^ 1- ^•©5B5fei55tt^g■^^•-y^'2 8©j; 

^KjUMt, 5E5fe^^ffi®JniA=tiJK*n«^— h 

3>^l3-^3 3■r^®^^•^r.^ h ^Jf "3 il L t:^$fe©fti 
A*^*2 3(C3*(i-r-SC<i:^>-C#2,„ C©Jt^. £"© 
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[0010] 

©ra*-st,^B#aM'i<- F ©$fe5c«i^§n-rtiS^3S 

8fc'-;'h©MAC (Media Access Control) Th'lxX?: 

^■rsci-e. ^n?)©^©/'!-!^-:; hii^ff^wsei 

S!iaSti-i> I Paffffl^'!'^-^ h© I PTKUXi^-tf 
^ i; f-r KbXi©>fttE©Eatt*-C9^x'Vi?-r§Ci 

(D^mct^^ttttcmmom^tm i pt fpx 

[0011] $?6Hjtt, c:©ci;^^cS®?r^g?RU, ±fi 
lx-Y-l'©r F■^■X©^^5;^•f>te;tK<J;S^iE^^•^ry F 
KJ; Safi©tgSL?:P;)5± b T^S L/i: n > f ^ - 

5 c i ©T? t •^>^^E-'^•'5^ F i»±:^^fe ic;:/ y -y 

[0012] 

[^gl*)»?*1-5fc&©^IS] *^BJ3©^-®ll.'if»^ 

-!'©>'•□ F 3;UX?®fflSn-ST F U-XO^JS^S) h 

tti^a^'^T-y F©* -7 F •7-i'rt-C©jM#?c*fcB^ 
5fe*7nTm-©TFU;^t, F®-f" 
K^S n±<a u i'® -^-n F n ;FJc W ^ jli{i7cS fc 
B^$fc%^n-ril^®TFu;^i**^tHL, *^asti/cii 

-©7 F PXi||^®r F U;^ i©il^^t>-ti:0^*6A^ 
D«?)S#5n/cft^^^fc#©tr>rni 4>M^C§i»^K» 
^©vsy-y F*BSiSrSCi;|r1f®i-rS„ 
[0 0 1 3 ] ^u/ yv~'':^t\jX^--^^"j F^m^ 
I P (Internet Protocol ) jiff*ff5i« 
^{C«, W-f-^-:/ F^^•-5r ■y F©'^-> ^^'fciy^r-^fK 

f^^sn^c-^— Fr Fuxi I pr Fpxi©ia 
Kot-^r, &e.*>D&^§nfcr Fu:^©ffliJ;bi5-r 
■So -ei^-c, -s:-r-s^>©^5^ct^»^{cK, ^©a-jt-^, 
F^&)^-ri>, cticc<fci3. I Pr Fux©s^5;^^ 

[0 0 14] 3>f^-5?ffl©ji^t?t*> itiU'^-1'© 

r F bXTjsis^f *o-r ^>TtiCb-i'-l'©r F u-x^^*^ 

OJi^> ^©ifeP-Ti'OTFPX^IlIlg^fiL/. •€■© 

)t£;§cc<fci9Tfiu-i'-V'©r Fux:£SDaf:i*Jtfbnr 

l^So I Pa<I©Ji-a-"C&tllf, ARP (Address Reso 



w 

5 

lution Protocol ) S5J^^^•-^r ■> hiCj; Offl^5fc I PT F 
3iT C i -C, itg5n-C^B^5fe© -If ^ 5- H r K U X 

[0015] ^mMom=.(Dm!^MC<Di: ^ tj::^]Eim 

i^b-rfc#, ^jl^^^,■5^^•-5^2' h©f=-i?*s^-oU'f 
•Y<Dr F u:^^m^^^tcm^<Du-<^'co7 FU';^©Rgt,^^ 

$tn5l|-©H'i'©TFUXi^r.©H'i='©T F 

©(,^-rni^>M^i:■sli^^c5^^©^^•^r■3; vimmt?>c 

[0016] Mimiax -(--f^^ V ^>'^*-^^ v F©r- 
3^{c*7••^2;^^l:$^^fcARP^S^/^•-y.> F^&t^fflL, ^ 20 
©ARPA^r., Ko--s->yR© rgiLrt^5lE5feJ ©I 
Pr FUXi-f— 'f^^-:/ FTFUXi©fflKol,^-r, & 

i^^s^Dfesissn/cr Fux©iiittg?-rs„ -e-ur. 

[0017] 2^|gB^©0H©IS*tt»-©ll,-#,©#^* 
^f^S^g-r^fJ. Fft§nfcr--^'>£^-:' F 

Sb'fi'Oyc! F3;P-CM§ti57 FbXCtt^-^^D 

-7 F©--^-y ^?■(^:^^n-e©^^•^^ F©jtff^$fc»?^5fe 
%7i^-m-©r Fux?:i^ffl-rsm-©«ltH^i^i, K 
m^ii^^^^'-j F©7'-$K#sn±^au-r+©:7'n f 

3;KcfewajMff7£Sfctt5E5fe%/T^-ril-©T F 
^^^HiTSmro^SltH^Si. »-©l^mcj:f)1^fflSn 

?c®-©T F p X i »r.©^®K J: ^ 3 nfc^- © 

T F P X i ©fii?f^b-lf^iBtt^S(c^ § n/cffi*^ 

t)■t^•©l^-rni^>M%s^i^(cK^©/^•^r.;, F*««t- 
[0018] *^B^©SI0©li*tti|-©tS.'^,©:^S* 40 

iv-i-^-orfn F3;urffl§txST FPX©»&-^t> 

V F©f=-$*5^-©W-yi'©T FUX^rfflt^fc^-© 
IxW-i'WT FlxX©Bg(,^^t>-tfK>ft-r-2.)S^-r*^Ci 
%*lffi-r*^mi> C©»-©^mcj;0*lffl§ti/c^-! 
^.^ F©f^--i?{c^StiSI^-©H't©T FUXill 
-© H" ir©T F X i ©a^^t>#355|Blt^©KSfti 

§n/cM*^^t>ii©i^-rni ^>s^csii^(c«-e•©^^•^- 30 
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[0 0 19] 

:mM(ommomm] m 1 u^mnominm^mty 

[0 02 0] c<DmmBmt,asi.>x. -/u 'jms 1 0 
B«»©j)nA#WJ'C"f-* F 2 1 t^y-^m^-v-^ 

■> F 2 2 i©P5©/^•^r-y F*il?:^f JJDA^fJ-r-* 
* f- 2 1 fC«^ti^ti 1 «Jh©SDA^5R2 3 iP- 
x> F;^7- F ( L E C ) 24tf)mmdn, n-x>F 
F 2 4 w^n^niiA^iMffiSg ( o n u/d s 
u) 2bifybxmx^M2 6icmi^n?>. c*i6© 

JDA*^2 6«^-;; F ■?"-i'm#iJ©iJDA«afl^*^JK 

^M(SLT) 2 7{cj;D*&ssn, -/y i/yggio 

*:A-Lr-fe>^?ffliJ-l'-lJ-^-;' F2 2{c«^§tiSo IMfc 
B, •fe>^?§J^'-f-^-;' F 2 2{C^SI§nfc^g (3> 
iL-C, ttfg-tf-^^'2 8*5j:E>'fa■!^-w^*2 

[0 02 1 ] f^] yi^'mm.iou. ^m-^mm^i 

1, H D L Cl&iililSg 1 2 , r FPXg^^c i^i'llJSl 
3, I4tej;f>*-r-1f4^5' F3>Fa— 7l 5?: 

• ^^ffiHISI 1 I tt. MA^#.^^ffi«g 
2 7 ©Affl;^^^(c^|!(©»DA^Iil^^i^3&5^*fb5n 
rt^sci*^?., #*iiA#ft©[ilScc-r.i.^r. ^mn 

mbximm. mmmcMLxit0'mi-6, hdl 
c mmm^ 1 2 jda^:*^ e, -b > 3? «•%© h d l c 

6ftlA*'^®-l' "if 'i- F/^•^^ -i- F *H D L C^^'-^r F K 
*-7--fe;Wb-ra, TFUX9^i->i'lBlggl 353:, -f— 9" 
f-yN--^.;, FCD7FUXfffg?:?cc-;;i'L', &6^>D 

fey^y 1 4K^5tirt>i)i^^iS^csr FPxif 

^^^■rS/^-^-^ F^lrJ^-rSo -f-lf*-:- F3>FP 
-7 1 5«> ^'-If A^r.y F©;jDA^tJ*SOtt-fe>^? 
iJ^-OliO^W, *3j;0'i2>^'ffl'J-1'—y-^-;' F2 2i© 

a? * -x^tg^iitf -r So 

[0 02 2] ccr, m2tj:\.>Lm5immbX, -i- 

i. F^^•^r.v F> I vom&.sihmcwm 

©iiftJCii^g^cr FbX^^7"a FnJl- (ARP) K-:) 

[0 02 3] m2\t'(-^if.'j Vf^-^-j vomm^m 

-ii-^ u-FTFUX, ji^tTc-f'— tJ-^y Fr FWX*5j;j; 
±S7-n F 3;v©asiJ ( E T Y P E ) ^^-r F 

©fc*®7^-A5='* f i'i^-'>->X7^-;l/K (FC 
S) i)miihti?>. 

[ 0 0 2 4 ] a 3 5i I P/^•» -^^ F ©«!fB§W)fe^3g%ij^ 
b. S4ttifUt,^^ii^4^^*^ F#fiK^-r„ I P^^•^ 
Ftt-N ^;4<'>' ^";UFir-3;7 Y-JbFiKJrO^ 



;VF{Ctt, A-ya>, ^vifM:. •!f-h*X$-1'7\ I 

■So 

[0 02 5 ] mbUARPJ^&v V(0--~yitmm^AJ^ 

^■^ir-yhOT'-mmimisbhtixm^m^hz. ar 

F'i'srT KbXCOfig, 7'CiF3;l'T 
FPX, jHftTuI PTFP:^. ^t-rt,^-55E$fe'f--9-4<- 

c:©-A:i*i PjlSKtei^rw. i^icm^^i ? 
r F vx^^-t^^%(D^--^^ vV7Y €>'iJ 
^3ti5*So ^c-c, S^^J(cARPg3^c/^•-5^v F%-/a- 

F+fXF3imf-5o C:©ARPS5S/^••^^■v Fic>pfur 

^^•r.s I pr Fu;^?rW-r«s^«, u^n-i-^a^ 
^TF^;^?rARP^E^/^•^^' FiLriiMt-|>, c 
nK<tD, M^T^S-Y— t^-^ F7FPX%t#SCi3&s 
r§ s„ «ffi3:, [ PT F i -f — it^ F r 
F i §B)f^©T F 7 ^ Frjg^^-S C i {c 
J;«5> jifi:«)5Bl«§i^c€.o ARPM*<i:j£Si©|Em 
(J, U " 3 > 7 ^ - ;l' F ©Jggf^SK j; S-fS-T 

So 

[0 02 6 ] SD'li 1 €#ML-C^©«lfP*iSB^-r*, 
ftIA«^S*2 3*e.^^•^■? F<&Jt<i-r«Ji^. ^©JJDA 
^^2 3*5mri^S'1'"1f-* y F'f>d?7;>:-X:&^ 
e.OA-y-:/ FSJ, gMcn"X>F*-F2 4KjSe.n 
5„ n-i>F*-F2 4ll3:, ^fiL/c-{-i;-^7 
-5^ ^ F%HDLC7'0 h=3;l'KJ:DMaU, HDLC-'^* 
Ff-'-^'fc*7'-fe;U'fb$>-5i<n3:v-7f>i^U-r> JjD 

A*^2 6 ±©a«ii^K J: 'oif-vVKi -t>m^mm 

■So Mf*WfCtt. tf4^-:; F/^•<^■^ F©pmCHDL 

cm^y'yiftm7y'y^t^¥mLxmmi>. hd 

L C ©f<it) »P tc P p P ^©ffe© F 2, c i 

^>aItg■r^,s, jiniA#i^2 8±©jHi[ili^Kiiffi§hfc 

H D L C -7 F «JnA^ji^.3S*liS^g 2 7 K j: f) 

mmmm(Dmm>i^m\t^nx rf >; i^^g i 
0{cA;^i?nSo -^v^^gl ot?5a, -&©^a{t§ 
ntcim^^m ■ 5}tt[iigs 1 1 {ci i3^iraA#©ii^M 

© H D L C ^N-^r F (^Wthid J; U^J v^if^^^-^ 
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/c-f^-y-^^ '^ F^^•^^•v F«7FUX9^^ i/i'iasgl 3CC 
jtP,n-So TFUX9^xy i'ilSgl 3tt, -f— y-^-^/F 
7FU':^i I P7Fwxi©ffi§^-t'; 1 4(i:S)6*^(; 

is?)S^Sn/c^*';f— ■/-'l'©rtSii:l:«t, 
iMi^J:■5ffi*•^t)^±©^^•-5-•y YXS)UWfsE}-^^-'j Fi 

L-c^-r-s. ^iE^^•^^-:, FW^I-©^-?'^--^ Ft^-^'—^^*^ 
fflij-f-tf^'y F2 2Kjiiffl-r.5ii^>{c, mm^tim 

omKmU-^^ y F 2 1 K>Pf Lr *>3t®^JiKj: 
10 3iffi-r.5. 

[0 02 7] 06tt7 FPXg^^c ■i/i'lllggl SCttfP? 
t3-&7n-r„ 7FU;^?*-3'i'llS§l 3{Cj;|>7Fl';^ 

-V^-^y F>'^■'^^-v hO^om^. ARPv^■^r.;, F-Sfttf 
W-f-^i- F-'-f^^f F©*©Ji-^. fcJ;0'^©?I]^®i» 

[0 028] F/>-4^':' F!5SA;fjSti*i. 7 

FPXg^i ■;;i'Ip|Sgl 35*, ^©7=^-3?-7-f-;l'F©F*9 
20 S:*^ I P^'Hr y hifiARP^m^^'r y F*>%#iJif-r-2). 
I PA-^r-, F©Ji^Ktt, -r— tJ-^-:/ h^^•'>-2' F©'^-:' 
^TK^S n.5jift7nSfc«5B$fe©'f 9-4^ y h7 FPX 
i, I PA^r., h(0-^yific^tn6mm7i:tMm9c 
©I P7FU'Xi§t^fflt>. ftltUSn/c-f-tf-^i' F7 
FWXi I P7 Fu;^i©a*^t)-tii^*'; 1 41^© 
f - P,/!)^ D § nftiffi^^b-a- i 4 it® 

L, l<^■rni^>M^fe■SJi^^CK^©^^•^-•;' F^I^St 
•So tfc. ^--V^y \-J-<^y hOf-ity -i-Jll^O) 

^^tftARpm^^^^y i-om^mt, -eoARPis^ 

30 /•<ir y h<D-^y ¥PlOmbXl>^m^<D-{ -^^ y F7 
FlxXi I P7 Fl^Xi©ffla--&t)-a'i, ^*yi4F*3 

t,^-rni^>s%-sii^K«^©^N-^';- F^^*-r 

So 

[0 02 9] :^iE^^ir v F $l5J±-rS BW^^ i . 
S^WKt*. ARP^^•-5^v F©3='x-i.i'r+^-r-*-g>o 
/c/cL. ii^s:© I PJ^ir y V^^ts^-V-^ y F^"?^ y 

V^^^^^y-i^thCtX, ^lE^-ier-:; F€J;0«5lK 

40 [0 0 3 0 ] S7»y*'J 1 4{i:&e.*Desf)S#§tia 
f"-3^JV©-FJ*inTo C©f— 7';Kctt, JJIIA^^^ 
ffl-Y-tJ-^-y F7FUXi I P7Vl'7.t(Dyt^mmm 
§n.So 7FUX3^;c-:;i'liISSl 3i, Ctl^©7FU 

x(r>n\m^^9:!^yi'ti,, mm. n^c^-v-^y 

F7FIxX35S r-^-V^y F7FPX1J xm9ilP7 
FUXA5 r I P7FUX1 J ©^sCttMjtS-a-Si&s, 55 
^^-■^^y F7FUXds r^'-f-4^-? F7FPX1 J 
■C^Jfel P7F^X:^)S ri P7FbX2j (c^stxr 
t,>■5j;^^:^^•^^2, FBI^-rSo ARP'^-iry hic-oi,^ 
50 -rl)!?!!!!:, ARPjSg^-;^':' F©-^-:'3^'W©B?L/-Ct^ 
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[0 03 1 ] CCDj:'5!5:7--:/;l'%^*y 1 4rt{cg^ 
•r-s:^^ i Lr B> -T" >; -^^ e^^g i o -cim-r^ c i 4> 

SSL, FTP (File Transfer Protocol) *5l<>ttSN 10 
MP (Simple Network Managentnt Protocol) -f-CDffe® 

[0 03 2] C©llififf5,^{Cfcl,^T«>Se3RMiiI«K, 

©>'^■-5^y ^4■^^>^^^IlJ>f-t^*'y F 2 2©i?>(C3M#L.. 
%5t3!)5ffi©»nA#ffliJfc *nif -f "f-^ F 3 > F a " 5 

1 5v^(o^-<-!r-j vim^bx^^(Dmx^m2 3 

(cj*ft-rsci*)r^a. c©JS^, i'©ig**ii©JD 20 
A#il^ (a#?f<"F) *Sl^tt-l2>4?ffliJW-"f-4^-:' F 

FTFbX^r^SL, y^Uf— 7';VK«}#0-Cte<o 
c©^* yf■-■:/;^%^iE^^■^■^ Fg'x 2/ 
^I'iSfflU, =i<-Ftt«*iiaL.fcjfJ^©^--:/;l'4ffi 

[0 03 3] a±mm bfcmmmm-cu. i pt f ux 
t-^'-v^v FT Fuxi©fi*AP,*:'D&®^§nr 

i,^5«>©:*^£-5:i^?'x-^i7L-. S^^giM^cS^iE-^ 30 

[0034] &±mm bfcmMBM-cu. mmmmt ^ 
ti\ mm<D -i -^^^ yh^mmfu v v^m-oyir^- f fc 

t^-CK^fc^* >; f -":/;l'4^M-r5«)z£i-rs C i 
pffgr^So S^fc. I PM#€Wc-^-l?-*-y FTF 
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